Red Hat JBoss BPMS CVE-2016-6343 Cross Site Scripting Vulnerability

Red Hat JBoss BPMS is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Information

Bugtraq ID: 96987
Class: Input Validation Error
CVE: CVE-2016-6343

Remote: Yes
Local: No
Published: Mar 16 2017 12:00AM
Updated: Mar 21 2019 06:00AM
Credit: Jeremy Choi (Red Hat Product Security Team)
Vulnerable: Redhat JBoss Middleware Text-Only Advisories for MIDDLEWARE 0
Redhat Jboss Bpm Suite 6.3.3
Redhat Jboss Bpm Suite 6.3.2
Redhat Jboss Bpm Suite 6.3.1
Redhat Jboss Bpm Suite 6.3.0
Redhat Jboss Bpm Suite 6.0.0

Not Vulnerable: Redhat Jboss Bpm Suite 6.4.2

Exploit

To exploit this issue an attacker must entice an unsuspecting victim to follow a malicious URI.

References:

Red Hat Homepage (Red Hat)
Bug 1371801 - (CVE-2016-6343) CVE-2016-6343 JBoss bpms 6.3.x reflected XSS in d (bugzilla)
RHSA-2017:0557-1: Red Hat JBoss BPM Suite security update (Redhat)

Source: www.securityfocus.com

Exploit Collector

Search Exploit